Remote Code Execution Vulnerability in Cisco Wireless LAN Controller Software
CVE-2018-0245

5.3 MEDIUM

Key Information:

Vendor: Cisco
CVE Published: 2 May 2018

Summary

A vulnerability in the REST API of Cisco 5500 and 8500 Series Wireless LAN Controller Software allows an unauthenticated, remote attacker to access restricted system information. The issue stems from insufficient input validation of REST API URL requests. By sending a crafted URL, an attacker can exploit this flaw to view sensitive details that are normally protected from unauthorized access. The exposure poses a risk to the integrity of network operations and demands immediate attention to prevent unauthorized disclosure of system configurations and data.

Affected Version(s)

Cisco 5500 and 8500 Series Wireless LAN Controller

CVSS V3.1

Score: 5.3
Severity: MEDIUM
Confidentiality: Low
Integrity: None
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
